forked from sonic-net/sonic-host-services
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixed ip6table internal_docker_ip_traffic rule command for multi-asic (…
…sonic-net#94) * Fixed ip6table internal_docker_ip_traffic rule command for multi-asic * Added test coverage Signed-off-by: anamehra <[email protected]>
- Loading branch information
1 parent
50db9d3
commit 02c20bc
Showing
3 changed files
with
57 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
38 changes: 38 additions & 0 deletions
38
tests/caclmgrd/caclmgrd_generate_allow_internal_docker_ip_traffic_test.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
import os | ||
import sys | ||
|
||
from parameterized import parameterized | ||
from sonic_py_common.general import load_module_from_source | ||
from unittest import TestCase, mock | ||
from pyfakefs.fake_filesystem_unittest import patchfs | ||
|
||
from .test_internal_docker_ip_traffic_vectors import CACLMGRD_INTERNAL_DOCKER_IP_TEST_VECTOR | ||
|
||
|
||
class TestCaclmgrdGenerateInternalDockerIp(TestCase): | ||
""" | ||
Test caclmgrd multi-asic generate internal docker ip allow rule | ||
""" | ||
def setUp(self): | ||
test_path = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) | ||
modules_path = os.path.dirname(test_path) | ||
scripts_path = os.path.join(modules_path, "scripts") | ||
sys.path.insert(0, modules_path) | ||
caclmgrd_path = os.path.join(scripts_path, 'caclmgrd') | ||
self.caclmgrd = load_module_from_source('caclmgrd', caclmgrd_path) | ||
self.maxDiff = None | ||
|
||
@parameterized.expand(CACLMGRD_INTERNAL_DOCKER_IP_TEST_VECTOR) | ||
@patchfs | ||
def test_caclmgrd_internal_docker_ip_traffic(self, test_name, test_data, fs): | ||
self.caclmgrd.ControlPlaneAclManager.get_namespace_mgmt_ip = mock.MagicMock() | ||
self.caclmgrd.ControlPlaneAclManager.get_namespace_mgmt_ipv6 = mock.MagicMock() | ||
caclmgrd_daemon = self.caclmgrd.ControlPlaneAclManager("caclmgrd") | ||
caclmgrd_daemon.iptables_cmd_ns_prefix['asic0'] = ['ip', 'netns', 'exec', 'asic0'] | ||
caclmgrd_daemon.namespace_docker_mgmt_ip['asic0'] = '1.1.1.1/32' | ||
caclmgrd_daemon.namespace_mgmt_ip = '2.2.2.2/32' | ||
caclmgrd_daemon.namespace_docker_mgmt_ipv6['asic0'] = 'fd::01/128' | ||
caclmgrd_daemon.namespace_mgmt_ipv6 = 'fd::02/128' | ||
|
||
ret = caclmgrd_daemon.generate_allow_internal_docker_ip_traffic_commands('asic0') | ||
self.assertListEqual(test_data["return"], ret) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
from unittest.mock import call | ||
|
||
""" | ||
caclmgrd internal docker ip traffic test vector | ||
""" | ||
CACLMGRD_INTERNAL_DOCKER_IP_TEST_VECTOR = [ | ||
[ | ||
"Allow internal docker traffic", | ||
{ | ||
"return": [ | ||
['ip', 'netns', 'exec', 'asic0', 'iptables', '-A', 'INPUT', '-s', '1.1.1.1/32', '-d', '1.1.1.1/32', '-j', 'ACCEPT'], | ||
['ip', 'netns', 'exec', 'asic0', 'ip6tables', '-A', 'INPUT', '-s', 'fd::01/128', '-d', 'fd::01/128', '-j', 'ACCEPT'], | ||
['ip', 'netns', 'exec', 'asic0', 'iptables', '-A', 'INPUT', '-s', '2.2.2.2/32', '-d', '1.1.1.1/32', '-j', 'ACCEPT'], | ||
['ip', 'netns', 'exec', 'asic0', 'ip6tables', '-A', 'INPUT', '-s', 'fd::02/128', '-d', 'fd::01/128', '-j', 'ACCEPT'] | ||
] | ||
} | ||
] | ||
] |